Analysis Overview
SHA256
f15ac5b6f7dd2d62adb480d65f9570e4c6ad438bdc98231344292536987d3454
Threat Level: Known bad
The file 6c57f764b48f9cb115020af71341dc5d_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
Irata payload
Irata family
Declares services with permission to bind to the system
Requests dangerous framework permissions
MITRE ATT&CK Matrix
Analysis: static1
Detonation Overview
Reported
2024-07-24 18:32
Signatures
Irata family
Irata payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Declares services with permission to bind to the system
| Description | Indicator | Process | Target |
| Required by wallpaper services to bind with the system. Allows apps to provide live wallpapers. | android.permission.BIND_WALLPAPER | N/A | N/A |
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-07-24 18:32
Reported
2024-07-24 18:35
Platform
android-x86-arm-20240624-en
Max time kernel
6s
Max time network
139s
Command Line
Signatures
Processes
ir.hmh.PeaceLiveWallpaper_1
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | cafebazaar.ir | udp |
| IR | 185.166.104.4:443 | cafebazaar.ir | tcp |
| GB | 142.250.187.206:443 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
Files
/storage/emulated/0/Android/data/ir.hmh.PeaceLiveWallpaper_1/files/optimize
| MD5 | b326b5062b2f0e69046810717534cb09 |
| SHA1 | 5ffe533b830f08a0326348a9160afafc8ada44db |
| SHA256 | b5bea41b6c623f7c09f1bf24dcae58ebab3c0cdd90ad966bc43a45b44867e12b |
| SHA512 | 9120cd5faef07a08e971ff024a3fcbea1e3a6b44142a6d82ca28c6c42e4f852595bcf53d81d776f10541045abdb7c37950629415d0dc66c8d86c64a5606d32de |
/data/data/ir.hmh.PeaceLiveWallpaper_1/cache/1
| MD5 | 1ddf15ad9155983b9f892bc48c81a5b4 |
| SHA1 | 4dc6a8eb00a25de31ec255fddd303442c1b2a08d |
| SHA256 | 0b72742b449ae1d7f5c2845f937d5b27cdb8470f517b5b3be3619bc6eeeca447 |
| SHA512 | 67ec7cb1a8b6c0ae3a7b48e3fe571a1782fd273a114ffb497ea58cdf34c1d87a6996d810e99e3867685fa6be85782d83a271cbc9d8a381af616a7973f0d72708 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-07-24 18:32
Reported
2024-07-24 18:35
Platform
android-x64-20240624-en
Max time network
167s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.180.8:443 | ssl.google-analytics.com | tcp |
| GB | 142.250.187.206:443 | tcp | |
| GB | 173.194.76.188:5228 | tcp | |
| GB | 172.217.169.42:443 | tcp | |
| US | 216.239.36.223:443 | tcp | |
| US | 216.239.36.223:443 | tcp | |
| GB | 172.217.16.238:443 | tcp | |
| GB | 142.250.179.226:443 | tcp | |
| GB | 142.250.180.4:443 | tcp | |
| GB | 142.250.187.227:443 | tcp | |
| GB | 142.250.187.227:443 | tcp | |
| GB | 142.250.187.227:443 | tcp | |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 216.58.213.4:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | g.tenor.com | udp |
| GB | 142.250.200.10:443 | g.tenor.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.204.78:443 | android.apis.google.com | tcp |
| GB | 216.58.204.78:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| GB | 216.58.204.78:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | www.youtube.com | udp |
| GB | 216.58.213.14:443 | www.youtube.com | udp |
| GB | 216.58.213.14:443 | www.youtube.com | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | mdh-pa.googleapis.com | udp |
| GB | 142.250.180.10:443 | mdh-pa.googleapis.com | tcp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| GB | 74.125.71.84:443 | accounts.google.com | tcp |
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-07-24 18:32
Reported
2024-07-24 18:35
Platform
android-x64-arm64-20240624-en
Max time kernel
7s
Max time network
134s
Command Line
Signatures
Processes
ir.hmh.PeaceLiveWallpaper_1
Network
| Country | Destination | Domain | Proto |
| GB | 142.250.187.238:443 | tcp | |
| GB | 142.250.187.238:443 | tcp | |
| GB | 142.250.187.238:443 | tcp | |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | cafebazaar.ir | udp |
| IR | 185.166.104.4:443 | cafebazaar.ir | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.187.200:443 | ssl.google-analytics.com | tcp |
| GB | 142.250.200.36:443 | tcp | |
| GB | 142.250.200.36:443 | tcp |
Files
/data/user/0/ir.hmh.PeaceLiveWallpaper_1/cache/1
| MD5 | 1ddf15ad9155983b9f892bc48c81a5b4 |
| SHA1 | 4dc6a8eb00a25de31ec255fddd303442c1b2a08d |
| SHA256 | 0b72742b449ae1d7f5c2845f937d5b27cdb8470f517b5b3be3619bc6eeeca447 |
| SHA512 | 67ec7cb1a8b6c0ae3a7b48e3fe571a1782fd273a114ffb497ea58cdf34c1d87a6996d810e99e3867685fa6be85782d83a271cbc9d8a381af616a7973f0d72708 |